Vulnerabilities > CVE-2017-8048

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

pivotal

cloudfoundry

NVD

Published: 2017-10-04

Updated: 2021-08-10

Summary

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

Vulnerable Configurations

Part	Description	Count
Application	Pivotal Pivotal Capi Release 1.34.0 Pivotal Capi Release 1.33.0 Pivotal Capi Release 1.41.0 Pivotal Capi Release 1.40.0 Pivotal Capi Release 1.39.0 Pivotal Capi Release 1.37.0 Pivotal Capi Release 1.35.0 Pivotal Capi Release 1.38.0 Pivotal Capi Release 1.36.0	9
Application	Cloudfoundry Cloudfoundry CF Release 269 Cloudfoundry CF Release 268 Cloudfoundry CF Release 272 Cloudfoundry CF Release 270 Cloudfoundry CF Release 271 Cloudfoundry CF Release 273	6

References

https://www.cloudfoundry.org/cve-2017-8048/

Vulnerabilities > CVE-2017-8048 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2017-8048"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2017-8048